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Description 

Field of the Invention 

The present invention concerns an improved 
means and method for secure communication and, 
more particularly, secure communication between var- 
ying types of user equipments employing differing cryp- 
tographic algorithms and/or cipher keys. 

Background of the Invention 

A broad variety of cryptographic techniques and 
corresponding apparatus have been developed to meet 
increasing needs for secure communications among ci- 
vilian and military users. These needs are fostered by 
increasingly stringent security requirements for industri- 
al, financial, government, police, subscriber media, and 
other commercial and civil endeavors wherein unau- 
thorized data interception would cause harm to the pub- 
lic good or to private business interests. 

Typical encrypted data includes computer-based 
records, telephone conversations and other voice data, 
telemetry, facsimile transmissions, earth-satellite and 
satellite-satellite communications from a variety of 
sources including the Global Positioning System, and 
subscriber information distribution systems. Motivations 
for encrypting data include improved signal to noise ratio . 
by promoting a more even data mix (e.g., transmitting 
an encrypted, balanced mixture of "ones" and "zeroes" 
rather than an unbalanced, non-encrypted string of 
"ones" or "zeroes"), enforcement of subscription fees, 
privacy of privileged conversation, national security con- 
cerns, and maintenance of financial transaction integrity 
for both prevention of computer-based crimes and to 
provide convincing assurance of confidentiality and user 
authorization. 

Improved sophistication in intelligence surveillance 
and code-breaking methods have motivated the crea- 
tion of new ciphering algorithms and corresponding 
equipments. By way of example and not intended to be 
limiting, several classes of cryptographic methods cur- 
rently in broad use include the Data Encryption Stand- 
ard (DES), as described in Federal Information Process- 
ing Standards Publications FIPS 46-1 , "Data Encryption 
Standard," and FIPS 81, "DES Modes of Operation," 
both published by the United States Department of 
Commerce. 

An element common to these diverse cryptographic 
devices and algorithms is the need for authorized send- 
ers and receivers to share cipher key information of 
some form enabling encryption and subsequent decryp- 
tion of the intended message. 

A disadvantage of prior art public-key cryptographic 
systems for secure communications such as telephony 
is that public-key data encryption and decryption is a 
very slow process. Accordingly, public-key cryptogra- 
phy is often used to transmit small amounts of informa- 



tion, such as a traffic key for a more rapid cryptographic 
technique, in a secure fashion over a public transmis- 
sion medium, such as a radio channel or a telephone 
line. 

5 Encryption methods for real-time bidirectional com- 

munication include a variety of ciphering techniques 
such as those disclosed in FIPS 46-1 and 81 , supra, and 
other techniques developed by companies supplying 
such apparatus. These methods are capable of provid- 

io ing excellent data integrity provided that both parties 
have or have access to suitable traffic keys for data ci- 
phering. Typically these methods operate on blocks of 
digital data formed from input data of varying digital or 
analog form. 

'5 Sometimes multiple communication channels must 
be used, as for example when more than a single sender 
and receiver are involved, either serially or in parallel. 
Frequently, not all users have identical equipment or 
identical cryptographic keys or algorithms. Under these 

20 circumstances, redundant equipments differing in ci- 
pher keys or cryptographic algorithms and devices may 
well be needed at each sending or receiving site. This 
results in increased communication equipment needs 
and expenses. Further, where the type of communica- 

25 tions equipment must be mobile or portable, the power 
requirements, weight, and large size necessary to ac- 
commodate multiple, separate secure communications < 
systems are unacceptable. 

From the document in "Proceedings of the Interna- 

30 tional Carnahan Conference on Security Technology", 
4 October 1 983, Zurich, pp95-1 02, by Chorley et al. , en- 
titled "The definition and implementation of a secure 
communications protocol", there is known a method for 
establishing a secure communications link between first 

35 and second terminals wherein the terminals follow the 
procedure including the steps of: 

selecting in at least one terminal a common key 
generation and ciphering method ; 
40 exchanging a message containing user authentica- 
tion information; 

exchanging a message for providing data to form 
traffic keys; 

exchanging a message for synchronizing secure 
45 communications; and 

. initiating secure communication. 

Even when a single communications terminal ac- 
commodates multiple ciphering techniques, user knowl- 

so edge of the other party's capabilities and manual user 
selection of suitable secure communications apparatus 
may be required. This can compromise communications 
security by increasing user knowledge of the details of 
the security algorithm and hardware employed, by 

55 spreading of authorized user information over a broader 
number of individuals, and by increasing user involve- 
ment in the detailed arrangements required to initiate 
secure communication. This increases the risk of error 
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in effecting secure communications links. 

What is needed is a means for rapid real-time se- 
cure communications which accommodates multiple ci- 
phering algorithms and cipher keys in a single appara- 
tus, so that authorized, self-synchronizing communica- 
tions can be established and maintained between di- 
verse parties. It is further desirable that the apparatus 
be compact, light weight and have low power require- 
ments. 

Summary of the Invention 

According to the present invention, a novel method 
for effecting cryptographic communication between di- 
verse ciphering systems is disclosed. 

The present invention provides a method for estab- 
lishing a secure communications link between first and 
second terminals as claimed in claim 1 . 

The above and other features and advantages of 
the present invention will be better understood from the 
following detailed description taken in conjunction with 
the accompanying drawings. 

Brief Description of the Drawing 

FIG. 1 is a schematic diagram of a secure commu- 
nication system using the public telephone system 
in accordance with the present invention; 
FIG. 2 is a schematic diagram of a key management 
data base in accordance with the present invention; 
FIG. 3 is an illustration of a portion of the message 
sequence for initiating secure communication in ac- 
cordance with the present invention; 
FIG. 4 is a flow chart illustrating the data rate and 
cipher algorithm matching process in accordance 
with a preferred embodiment of the present inven- 
tion; 

FIG. 5 is a flow chart illustrating further details of a 
portion of the message exchange of FIG. 3 for es- 
tablishing secure communication in accordance 
with the preferred embodiment of the present inven- 
tion; 

FIG. 6 illustrates a schematic example of a secure 
communications terminal in accordance with the 
preferred embodiment of the present invention; and 
FIG. 7 illustrates the assignment of bits represent- 
ing key generating capabilities in a message ex- 
changed between transmitting and receiving termi- 
nals in accordance with the preferred embodiment 
of the present invention. 

Description of the Preferred Embodiment 

As used herein the words "encryption", "encipher- 
ing" and "encoding" mean conversion of a plain-text 
message to a secure message, while "decryption", "de- 
ciphering" and "decoding" refer to the inverse of this 
process. 



FIG. 1 illustrates secure communication system 
1 00, comprising telephone network 1 20, telephone lines 
107, and secure communications terminals 103, 109, as 
for example, secure telephones. In operation, voice data 

5 are digitized in one of secure communications terminals 
103, 109. As used herein, the words "telephone" or 
"communications terminal" are intended to include any 
device for transmitting information including but not lim- 
ited.to audio information, facsimile, video, computer da- 

io ta, graphic data and combinations thereof, and the 
words "voice" or "data" or "voice data" are intended to 
include these and all other types of transmissible infor- 
mation. 

Input data are encrypted in terminal 1 03 or 1 09 and 

is subsequently transmitted via telephone lines 107 and 
telephone network 120 to, for example, another of se- 
cure communications terminal 109 or 103, wherein the 
encryption and digitizing processes are reversed, pro- 
viding plain-text data equivalent to the original input da- 

20 ta. Alternative transmission media, such as radio links, 
packet-switched data networks, dedicated lines or other 
communications channels are usefully employed in lieu 
of telephone lines 107 and telephone network 120. Mo- 
dems, which can be external or internal to secure com- 

25 munications terminals 103, 109, are conventionally em- 
ployed for communicating digital data streams over tel- 
ephone lines or other communications links. 

The present invention overcomes the problems of 
the prior art by providing within one or both of terminals 

30 103, 109 a means and method for encrypting and de- 
crypting messages according to one of several possible 
protocols that both terminals can understand so that ter- 
minals of differing characteristics and protocols can talk 
to each other. In a preferred embodiment, the protocol 

35 selection is automatic and transparent to the user. A pre- 
ferred hierarchy of protocols is desirably included. In this 
way the invented multi-protocol terminal can communi- 
cate with other non-identical terminals. 

FIG. 2 is a schematic example of key management 

40 data base 210 within secure communications terminal 
103 (and/or 109) wherein multiple ciphering keys and 
devices KG1-KGN are organized. KG1-KGN are devic- 
es which provide encryption/decryption of messages 
according to one of N predetermined algorithms using 

45 keys appropriate to the particular algorithm chosen. 
Control means 21 5 are coupled to the multiple ciphering 
keys and devices KG1-KGN by means of interconnec- 
tions 220, allowing a particular ciphering algorithm to be 
selectively employed in accordance with control means 

50 215. Each secure communication terminal 103, 109 can 
contain a pair of key management data bases 210, one 
dedicated to encrypting and transmitting information 
and the other dedicated to receiving and decrypting in- 
formation. A single key management database 210 can 

55 also serve both functions and is preferred. Only one of 
the two (or more) communications terminals 103, 109 
need have multiple ciphering keys and devices 
KG1-KGN. The other terminal need have only one of 
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those found in the multi-device terminal. 

Before secure communications can begin, termi- 
nals 103, 109 must be initialized. According to a pre- 
ferred embodiment of the present invention initialization 
proceeds in one of two modes, the manual key manage- 
ment mode or the public key management mode. The 
public key management mode avoids the inconven- 
ience of physically transporting (e.g., hand carrying) a 
unique pair of cipher keys specific to the particular com- 
munication to the secure communications terminals. 

FIG. 3 is an illustration of a portion of a message 
sequence for automatically initiating secure communi- 
cation between terminals A and B (e.g., terminals 103, 
109) in the public key mode in accordance with the 
present invention. As schematically illustrated in FIG. 3, 
the public key management mode involves exchange of 
four messages, identified as (i) Access Domain and Ca- 
pabilities (AD&C) Message 211, (ii) Authentication Mes- 
sage (AM) 230, (iii) Random Component Message 
(RCM) 250, and (iv) Cryptographic Synchronization 
(CS) Message 270. Each of these messages is desira- 
bly of a predetermined length comprising a series of 
bytes. Each byte desirably contains information of a 
specific type (e.g., available encryption devices, modem 
type, et cetera) and the complete message is formed, 
for example, by concatenating the appropriate group of 
bytes to form the message. 

Access Domain and Capabilities (AD&C) Message 
211 in this case provides: choice of key management 
mode, choice of key generator (KG) algorithm selected, 
certification authority for the terminal, and any additional 
terminal capabilities (e.g., data rate). FIG. 4 is a flow 
chart illustrating method 200 by which AD&C Message 
211 of FIG. 3 is used to establish data rate and cipher 
algorithm matching in accordance with the present in- 
vention. 

Method 200 illustrated in FIG. 4 comprises the steps 
of exchanging Access Domain and Capabilities (AD&C) 
Messages in block 211, an iterative loop 213, 216, 217, 
including the steps of checking a next data rate 21 3, de- 
cision step 21 6 for determining if a suitable data rate has 
been identified, verifying whether or not all data rates 
have been checked 217, proceeding to loop 219, 221, 
222 when decision step 216 locates a data rate match, 
or terminating communication 218 if all data rates have 
been checked without finding a match. Loop 219, 221, 
222, includes the steps of checking a next cipher algo- 
rithm 219, decision step 221 for determining if a suitable 
cipher algorithm has been identified (i.e., one common 
to both terminals), and verifying 222 that all cipher algo- 
rithms have been checked, followed by a step of pro- 
ceeding 224 when decision step 221 locates a cipher 
algorithm match, or terminating communication 218 if 
all cipher algorithms have been checked without finding 
a match. 

By way of example and not intended to be limiting, 
consider the case where only two possible key genera- 
tors designated KG1 and DES are included andthe DES 



key generator is given preferred status in the event that 
both KG1 and DES are common to the two terminals. In 
this situation method 200 concludes the AD&C mes- 
sage exchange with one of four possible outcomes: (i) 

5 if no match is found between the two terminals, the call 
is terminated; (ii) if only the KG1 mode is common to the 
two terminals, the KG1 key generator is used; (iii) if only 
the DES key generator is common to the two terminals, 
the DES key generator is used, and (iv) if both the DES 

10 and the KG1 modes are common to both terminals, the 
DES key generator is used. Similar outcomes apply for 
longer lists of key generator capabilities, with the highest 
common preferred status key generator being chosen 
for continued communication. The order of preference 

15 of key generators may be pre-programmed into the ter- 
minals or transmitted as part of the AD&C or other mes- 
sage. 

The capabilities of the terminals are indicated by 
specific bytes or groups of (e.g., eight) bits, within an 

20 overall message. Specific bits of a specific byte are used 
to indicate a given capability according to a predeter- 
mined protocol. For example, the leading bit of the key 
generator capability byte can be chosen to represent a 
capability for a proprietary key generator, with the next 

2S bit chosen to represent a capability for a DES-type key 
generator. A simitar convention can be employed for da- 
ta rate capabilities, et cetera. 

. FIG. 5 is a flow chart illustrating the exchange of 
second, third, and fourth messages 230, 250, 270 of 

30 FIG. 3 to determine validity of terminal credentials, set- 
ting up traffic keys and synchronizing the encryption/de- 
cryption process. The following steps are performed in 
accordance with the present invention: Authentication 
Message (AM) exchange 230, Random Component 

35 Message (RCM) exchange 250, and Cryptographic 
Synchronization (CS) Message exchange 270. Verifica- 
tion (block 275) is also desirable for establishing secure 
communication (block 277). 

FIG. 5 comprises loop 230, 233, 235, 237 including 

40 steps of Authentication Message (AM) exchange (block 
230), verification (block 233) of AM exchange, AM de- 
cryption and public key extraction (block 235), AM ver- 
ification (block 237) and termination of communications 
218 if AM verification fails. These steps are followed by 

45 steps of random number generation (block 245), ran- 
dom number encryption using, for example, public key 
cryptography (block 247), and Random Component 
Message exchange (block 250) and traffic key genera- 
tion (block 267), Cryptographic Synchronization mes- 

50 sage generation and transmission (block 270), data 
mode determination (block 273), cryptographic syn- 
chronization verification (block 275) and continuation of 
communication (block 277). 

AM exchange (block 230) provides information 

55 identifying certified user authentication information, the 
certified user public key, and the certified information ex- 
piration date. This message is processed using public 
key cryptography to encrypt and decrypt the message 
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according to means well known in the art. 

A random number is generated in each terminal 
(block 245) and sent to the other terminal after being 
encrypted, for example, using the public key received in 
the AM. Thus, each Random Component Message 
(RCM) exchanged (block 250) contains a random 
number, generated by the communications terminal 
originating the exchanged RCM. This random number 
should be of sufficient length to provide a traffic key for 
any of the key generators employed in the secure com- 
munications system. This first random number is also 
stored in the originating terminal and combined (block 
267) with a second random number decrypted from a 
Random Component Message returned by the other ter- 
minal. The combined first and second random numbers 
form a third random number. Meanwhile, the same thing 
is happening in the other terminal wherein the received 
(first) random number is combined with the internally 
generated (second) random number to produce the 
same third random number. The third random number 
is used as a traffic key for the selected (block 221 of FIG. 
4) key generator for both the terminals, and is loaded 
therein starting with the most significant bit. Any unused 
bits in the traffic key are discarded, allowing a single ap- 
paratus to generate varying traffic key lengths to accom- 
modate the potentially differing requirements of a plu- 
rality of key generators within key management data 
base 210 (see FIG. 2). The first random number is en- 
crypted (block 270) prior to incorporation into and ex- 
change of RCM (block 250) by, for example, use of the 
certified user public key contained in the received Au- 
thentication Message (block 230). The same thing hap- 
pens to the second random number coming from the 
other terminal. One method for combining the first and 
second random values (block 267) is modulo-two addi- 
tion, readily implemented by exclusive-ORing the ran- 
dom numbers in a bit-wise fashion, as is well known in 
the art. However, other means and methods well known 
in the art for combining binary numbers may also be 
used. 

Cryptographic Synchronization (CS) Message 270 
delivers: traffic modality (voice, data, etc.) information, 
cryptographic information as required, and KG synch 
verification. A linear feedback shift register, or LFSR, 
(not shown) may be employed as a portion of the cryp- 
tographic apparatus. Linear feedback shift registers re- 
quire a starting value or seed. The seed is an example 
of cryptographic information which may be required as 
a part of CS message 270. LFSR's are well known in 
the art. 

A preferred method for KG synchronization verifica- 
tion is to transmit data which are an encrypted version 
of a known, or check, data pattern. These data are gen- 
erated by loading an LFSR with a seed, synchronizing 
the transmit LFSR and transmit KG , and then encrypting 
the seed and the check pattern using the transmit LFSR 
and KG. When these received data are decrypted by the 
receiving secure communications terminal, the received 



seed is loaded into the receive LFSR and the check data 
pattern is compared to a stored version thereof. A match 
between these is indicative of cryptographic synchroni- 
zation of the secure communications terminals. 

5 These steps thus allow secure communications ter- 
minals having multiple cryptographic capabilities to au- 
tomatically (i) select an appropriate cryptographic mode 
from a predetermined hierarchy of cryptographic 
modes, (ii) select a common data rate, (iii) carry out ap- 

10 propriate terminal identification and user authorization, 
(iv) exchange traffic keys via a public key or another 
method, and (v) effect cryptographic communications 
synchronization and verification. 

The foregoing steps are carried out in a fashion 

15 which is largely operator transparent, increasing system 
security and requiring less knowledge of detailed cryp- 
tographic procedures and methods of the operator. 

In the manual key management mode, the call set- 
up sequence consists of the exchange of Access Do- 

20 main and Capabilities (AD&C) Message 211 of FIGS. 3 
and 4 and Cryptographic Synchronization (CS) mes- 
sage 270 of FIGS. 3 and 5. 

Access Domain and Capabilities (AD&C) Message 
21 1 of FIG . 4 provides information for determining which 

25 key management mode to employ, which KG algorithm 
to select, which traffic key within the manual key data 
base to use, and any additional terminal capabilities. 

Cryptographic Synchronization message 270 ex- 
change (FIG. 5) provides information specifying the traf- 

30 fic mode (voice, data, etc.), seed values for the linear 
feedback shift register and/or KG starting points, and 
also allows KG synchronization verification. 

Example 

35 

The following is an example of the means and meth- 
od of the present invention. FIG. 6 illustrates an example 
of secure communications terminal 600 analogous to 
terminal 103 (and/or 109) wherein modem 610 commu- 
te? nicates with telephone line or other communications 
system 605 and is connected to microprocessor control- 
ler 620. Microprocessor controller 620 is coupled to key 
management data base 630 and to key generators KG1 
identified as 633 and KG identified as 637 (e.g., DES), 
45 switch 640, and voice or data link 645. Switch 640 de- 
termines which of key generators 633; 637 is employed 
to connect voice or data link 645 to microprocessor con- 
troller 620, modem 610, and communications system 
605. 

so FIG. 7 illustrates KG capabilities byte 710 and mo- 
dem rate capabilities byte 720 of AD&C message 211 
(FIGS. 3 and 4), showing modalities for key generation, 
data rate and format supported by a given secure com- 
munications terminal 103, 109 (FIG. 1). In these exam- 

55 pies, the unused bits are marked "RES 0 and are includ- 
ed with the used bits to form the complete capabilities 
bytes. The highest priority bit used is the leftmost one 
not marked "RES?. In KG capabilities byte 71 0, the high- 
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est priority key generator is thus DES with KG1 being 
the next highest priority key generator. Similarly, data 
rate priorities may range from 96D (highest) to 48V (low- 
est), in accordance with standard data rates which are 
well known in the art. 

A first step is the generation of AD&C message 211 
(see FIGS. 3 and 4), built up of bytes such as 710, 720 
of FIG. 7, describing capabilities of the machine origi- 
nating AD&C message 211. AD&C messages are then 
exchanged (block 21 1 , FIG. 2) and passed to microproc- 
essor controller 620, wherein they are parsed as in steps 
213, 216, 217, 219, 221, 222, 224 to determine corre- 
sponding capabilities between the two secure commu- 
nications terminals. If a failure to determine correspond- 
ence occurs, communication is terminated (block 218). 
Matching results in communications proceeding (block 
224). 

For the case where only two possible key genera- 
tors designated KG1 and DES are considered, with the 
DES key generator being given preferred status in the 
event that both are common to the two terminals (as il- 
lustrated in byte 710 of FIG. 7), AD&C message ex- 
change (block 211) concludes with one of four possible 
outcomes as described earlier. 

The initial modem rate is established by the secure 
terminal which initiates the call. The modem rate can be 
changed to another modem rate which is common to 
both secure terminals. 

Microprocessor controller 620 (FIG. 6) then sends 
a first Authentication Message (AM) and receives a sec- 
ond AM (block 230 of FIG. 5) via modem 610. The re- 
ceived AM is processed (blocks 235, 237) to decrypt a 
public key and to verify the AM. If the AM is not verified 
the processor can re-try a predetermined number of 
times and if there is still a failure, terminate communi- 
cation as in block 218 of FIG. 5. 

Microprocessor controller 620 then employs one of 
the key generators KG1-KGN from key management 
data base 630 (analogous to 21 0 of FIG. 2) to generate 
(block 245, FIG. 5) a random number which is encrypted 
(block 247) using the public key decrypted (block 235) 
from the received AM. The encrypted random number 
and other data are combined to form a random compo- 
nent message (RCM) which is exchanged (block 250) 
via modem 610 for an RCM from the remote (other) se- 
cure communications terminal. The random number ob- 
tained from the received RCM is combined with the ran- 
dom number generated (block 245) earlier to form a traf- 
fic key for the key generator determined from the AD&C 
Message. The random numbers can be combined by 
adding them using modulo two arithmetic, an operation 
realized, as for example, by means of exclusive-ORing 
two binary numbers. 

The resultant (third) random number is loaded into 
the KG selected by the AD&C message exchange 
(block 211), beginning with the most significant bit. 

Microprocessor controller 620 generates another 
random number used as a seed for the transmit linear 



feedback shift register. A check pattern is encrypted and 
transmitted (block 270) as a portion of the CS message, 
which also contains seed(s) for the remote (other) ter- 
minal's receive LFSR and/or KG. The CS message 
5 (block 270) received from the remote terminal contains 
seeds to be used by the receive LFSR and/or KG of the 
first (originating) secure communications terminal. This 
is decrypted from the received CS message and is used 
to decrypt the received check pattern. A similar opera- 
tion is being performed in the remote terminal. When the 
check pattern is properly decrypted (block 275) and ver- 
ified against the stored data check pattern, secure com- 
munication of the desired message can proceed (block 
277). In the event that decryption of the check pattern 
is not successful, the key generator is reloaded with a 
random number and CS message exchange (block 270) 
is re-tried. 

In a preferred embodiment of the present invention, 
microprocessor controller 620 comprises two Type 6303 
micro-controller chips and a Type DSP 56001 high 
speed digital signal processing chip manufactured by 
Motorola, Inc., of Phoenix, AZ. The first Type 6303 mi- 
cro-controller handles all signal flow tasks, determining 
when each of the steps of FIGS. 4 and 5 occur, the sec- 
ond Type 6303 microprocessor chip determines the 
content of each individual message 211 , 230, 250, 270, 
and the Type DSP 56001 chip performs numerically in- 
tensive computations associated with encryption and 
decryption of, for example, public key encoded data and 
other similarly computationally involved tasks. A pre- 
ferred embodiment of the modem function is Type V.26,' 
or alternatively, Type V.32. Modems of these types are 
sold by Universal Data Systems, a subsidiary of Motoro- 
la, Inc., located in Huntsville, AL However, other mo- 
dems or methods of communication can also be used. 

Based on the foregoing description, it will be appar- 
ent to those of skill in the art that the present invention 
solves the problems and achieves the purposes set forth 
earlier, and has substantial advantages as pointed out 
herein, among other things, (1 ) allowing secure commu- 
nication between differing types of secure data commu- 
nications systems employing differing encryption algo- 
rithms, key variables and key variable lengths with a sin- 
gle apparatus containing multiple ciphering engines, (2) 
providing a predetermined hierarchy of algorithms, 
keys, communications modes, etc., for increased secu- 
rity, and (3) able to be transparent to the user. By pro- 
viding these features in a single apparatus, the present 
invention minimizes power supply requirements and ex- 
pense of equipment, and provides a compact form. 

Another advantage of the present invention is that 
automation of secure information protocol and key var- 
iable exchange minimizes the need for detailed user 
knowledge of system operation. This simplifies opera- 
tion of the secure communications terminal. Additional- 
ly, need for dissemination of information describing sys- 
tem operation is reduced, thus providing additional se- 
curity by minimizing exposure of detailed system knowl- 
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Claims 

1 . A method for establishing a secure communications 
link between first (103, A) and second (109, B) ter- 
minals, wherein theterminals (103, A, 109, B) follow 
a procedure including steps of: 

exchanging (21 1 ) a first message containing in- 
formation on encryption devices and communi- 
cations modes available within the terminals 
(103, A, 109, B); 

selecting (219, 221, 222) in at least one termi- 
nal (1 03, A, 1 09 or B) a common key generation 
and ciphering method; 

exchanging (230) a second message contain- 
ing user authentication information; 
exchanging (250) a third message for providing 
data to form traffic keys; 
exchanging (270) a fourth message for syn- 
chronizing secure communications; and 
initiating (277) secure communication, the 
method characterized in that it includes the 
steps of: 

prior to said selecting (221) a common cipher- 
ing method by means of an automatic pro- 
grammed hierarchy (218, 219, 221, 222, 224) 
of secure information interchange methods 
step, a step of exchanging a first message con- 
taining information on encryption devices and 
communications modes available within the 
terminal (103, A 109, B); and 
including, in the selecting (219, 221, 222) in at 
least one terminal (103, A 109, B) a common 
key generation and ciphering method step, a 
step of selecting a common data rate. 

2. The method claimed in claim 1 wherein said third 
exchanging step (250) further includes steps of: 

generating (245) a first random number in the 
first terminal (103, A); 

generating (245) a second random number in 
a second terminal (109, B); 
exchanging (250) random numbers; and 
forming (267) in each terminals (103, A, 109, 
B), a third random number from the first and 
second random numbers to form a traffic key. 

3. The method claimed in claim 2, wherein said form- 
ing step further includes a step of exclusive ORing. 



4. The method claimed in claim 1 , wherein said fourth 55 
exchanging step (270) further includes steps of: 

encrypting a known data pattern using the in- 
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formation from the third exchanging step (250); 
transmitting the encrypted known data pattern; 
receiving an encrypted known data pattern; 
decrypting the received encrypted known data 
pattern using a traffic key derived from the third 
exchanging step (250); and 
comparing the decrypted received encrypted 
known data pattern to a stored known data pat- 
tern to determine agreement. 

5. The method claimed in claim 4, wherein said de- 
crypting step further includes a step of decrypting a 
random number for use as a linear feedback shift 
register seed. 

6. ? The method claimed in claim 1 , wherein said fourth 
exchanging step (270) further includes a step of 
generating an initial linear feedback shift register 
seed value. 



Patentanspruche 

1. Verfahren zur Herstellung einer gesicherten Kom- 
munikationsverbindung zwischen einem ersten 
(103, A) und einem zweiten (109, B) Endgerat, wo- 
bei die Endgerate (103, A, 109, B) einer Prozedur 
folgen, die die Schritte umfaGt: 

Austauschen (211) einer ersten Nachricht, die 
Information uber Verschlusselungseinrtchtun- 
gen und ubertragungsmodi enthalt, die inner- 
halb der Endgerate (103, A, 109, B) zur Verfu- 
gung stehen; 

Wahlen (219, 221, 222) in wenigstens einem 
Endgerat (103, A, 109 oder B) eines gemein- 
samen Schlusselerzeugungs- und Verschlus- 
selungsverfahrens; 

Austauschen (230) einer zweiten Nachricht, die 
Benutzer-Berechtigungsinformation enthalt; 

Austauschen (250) einer dritten Nachricht, die 
Daten bereitstellt, um Verkehrsschlussel zu bil- 
den; 

Austauschen (270) einer vierten Nachricht zum 
Synchronisieren gesicherter Ubertragungen 
und 

Einleiten (277) der gesicherten ubertragung, 
wobei das Verfahren dadurch gekennzeichnet 
ist, daG es die die Schritte umfaGt: 

vor dem Schritt zum Wahlen (221) eines ge- 
meinsamen Verschlusselungsverfahrens mit- 
tels einer automatischen programmierten Hier- 
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archie (218, 219, 221, 222, 224) von gesicher- 
ten Informationsaustauschverfahren, einen 
Schritt zum Austauschen einer ersten Nach- 
richt, die Information uber Verschlusselungs- 
einrichtungen und Ubertragungsmodi enthalt, 5 
die innerhalb des Endgerates (103, A, 109, B) 
zur Verfugung stehen, und 

EinschlieBen, in den Schritt zum Wahlen (219, 
221 , 222) eines gemeinsamen Schlusselerzeu- 10 
gungs- und Verschlusselungsvertahrens inwe- 
nigstens einem Endgerat (103, A, 109, B), ei- 
nes Schritts zum Wahlen einer gemeinsamen 
Datengeschwindigkeit. 

75 

Verfahren nach Anspruch 1 , bei dem der dritte Aus- 
tauschschritt (250) wetter die Schritte umfaBt: 

Erzeugen (245) einer ersten Zufallszahl in dem 
ersten Endgerat (103, A); 20 

Erzeugen (245) einer zweiten Zufallszahl in 
dem zweiten Endgerat (109, B); 

Austauschen (250) der Zufallszahlen und 25 

Bilden (267) in jedem Endgerat (103, A, 109, 
B) einer dritten Zufallszahl aus der ersten und 
zweiten Zufallszahl, um einen Verkehrsschlus- 
sel zu bilden. 30 

Verfahren nach Anspruch 2, bei dem der Bildungs- 
schritt weiter einen Schritt zur Exklusiv-ODER-Ver- 
knupfung umfaBt. 

35 

Verfahren nach Anspruch 1 , bei dem der vierte Aus- 
tauschschritt (270) weiter die Schritte umfaBt: 

Verschlusseln eines bekannten Datenmusters 
unter Verwendung der Information von dem 40 
dritten Austauschschritt (250); 

Senden des verschlusselten bekannten Daten- 
musters; 

45 

Empfangen eines verschlusselten bekannten 
Datenmusters; 

Entschlusseln des empfangenen, verschlus- 
selten bekannten Datenmusters unter Verwen- so 
dung eines von dem dritten Austauschschritt 
(250) erlangten Verkehrsschlussels und 

Vergleichen des entschlusselten, empfange- 
nen, verschlusselten bekannten Datenmusters ss 
mit einem gespeicherten bekannten Datenmu- 
ster, um Obereinstimmung festzustellen. 



5. Verfahren nach Anspruch 4, bei dem der Entschlus- 
selungsschritt weiter einen Schritt zum Entschlus- 
seln einer Zufallszahl zur Verwendung als Saat fur 
.ein lineares Ruckkopplungs-Schieberegister um- 
faBt. 

6. Verfahren nach Anspruch 1 , bei dem der vierte Aus- 
tauschschritt (270) weiter einen Schritt zum Erzeu- 
gen eines Anfangssaatwertes fur ein lineares Ruck- 
kopplungs-Schieberegister umfaBt. 



Revendications 

1. Proc6de d'etablissement d'une liaison de telecom- 
munications sOresentre des premier (103, A), et se- 
cond (109, B) terminaux, dans lequel les terminaux 
(103, A, 109, B) suivent une procedure incluant les 

\ etapes : 

d'echange (211) d'un premier message conte- 
nant de ^information sur les dispositifs de cryp- 
tage et les modes de telecommunications dis- 
ponibles dans les terminaux (103, A, 109, B) ; 
de choix (21 9, 221 , 222), dans au moins un ter- 
minal (1 03, A, 1 09, ou B), d'un procede de pro- 
duction de cle commune et de chiffrage ; 
d'echange (230) d'un deuxieme message con- 
tenant I'information d'authentification 
d'utilisateur ; 

d'echange (250) d'un troisieme message pour 
delivrer des donnees pour former des cles de 
trafic ; 

d'echange (270) d'un quatrieme message pour 
synchroniser les telecommunications sOres ; et 
de lancement (277) d'une communication sure, 
le procede etant caract6rise en ce qu'il com- 
prend les etapes : 

avant ladite etape de choix (221) d'un proced6 
de chiffrage commun au moyen d'une hierar- 
chie automatique programmee (218, 219, 221, 
222, 224) de procedes d'echange d'information 
sure, une etape d'echange d'un premier mes- 
sage contenant de I'information sur les dispo- 
sitifs de cryptage et les modes de telecommu- 
nications disponibles dans le terminal (103, A, 
109, B) ; et 

d'inclusion, dans l'6tape de choix (219, 221, 
222), dans au moins un terminal (103, A, 109, 
B), d'un procede commun de production de cle 
et de chiffrage, d'une etape de selection d'un 
debit de donnees commun. 

2. Proc6d§ selon la revendication 1 , dans lequel ladite 
troisieme 6tape d'echange (250) comprend en 
outre les 6tapes : 

de production (245) d'un premier nombre alea- 
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toire dans le premier terminal (103, A) ; 
de production (245) d'un deuxieme nombre 
aleatoire dans un second terminal (109, B) ; 
d'echange (250) des nombres al6atoires ; et 
de formation (267) dans chaque terminal (103, s 
A, 109, B), d'un troisieme nombre aleatoire & 
partir des premier et deuxieme nombres al6a- 
toires pour former une cle de trafic. 

Procede selon la revendication 2, dans lequel ladite 10 
etape de formation comprend, en outre, une 6tape 
d'application d'une fonction OU-EXCLUSIF. 

Proc6de selon la revendication 1 , dans lequel ladite 
quatrieme etape d'echange (270) comprend, en 15 
outre, les etapes : 

de cryptage d'une combinaison de donn6es 
connue en utilisant ('information issue de la troi- 
sieme etape d'echange (250) ; 
d'emission de la combinaison de donn6es con- 
nue cryptee ; 

de reception d'une combinaison de donnees 
connue cryptee ; 

de decryptage de la combinaison de donn6es 
connue crypt6e regue en utilisant une cle de 
trafic obtenue de la troisieme etape d'echange 
(250) ; et 

de comparaison de la combinaison de donn6es 
connue cryptee recue d6crypt6es & une com- 
binaison de donn6es connue m6morisee, pour 
determiner une concordance. 

Procede selon la revendication 4, dans lequel ladite 
etape de d6cryptage comprend, en outre, une 6ta- 35 
pe de decryptage d'un nombre aleatoire pour utili- 
sation comme semence d'un registre & decalage de 
contre-r6action Iin6aire. 

Procede selon la revendication 1 , dans lequel ladite *o 
quatrieme 6tape d'echange (270) comprend, en 
outre, une 6tape de production d'une valeur initiale 
de semence de registre & decalage de contre-reac- 
tion Iin6aire. 
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